openssl req -new -nodes -keyout private.key -out public.csrThen you will have 2 files, the private key file and the csr file, send the csr file to the trusted CA. Once you've got the certificate signed by the trusted CA, you can use it as your SSL certificate along with the private key

If you need to convert the certifate with X509/DER format to PEM format: